From 426d14bb4164290d93b5a0f61e925cb2dfc4aafa Mon Sep 17 00:00:00 2001 From: chip Date: Wed, 31 Jul 2024 04:32:32 +0900 Subject: [PATCH] check the main frame's origin in isolation.js (#10423) * check the main frame's origin in isolation.js * add changefile * correct changefile tag * use strict origin checking --- .changes/isolation-main-frame-origin.md | 6 ++++++ core/tauri-utils/src/pattern/isolation.js | 13 +++++++++---- core/tauri-utils/src/pattern/isolation.rs | 2 ++ core/tauri/src/manager/webview.rs | 1 + core/tauri/src/protocol/isolation.rs | 2 ++ 5 files changed, 20 insertions(+), 4 deletions(-) create mode 100644 .changes/isolation-main-frame-origin.md diff --git a/.changes/isolation-main-frame-origin.md b/.changes/isolation-main-frame-origin.md new file mode 100644 index 000000000..46c6a7856 --- /dev/null +++ b/.changes/isolation-main-frame-origin.md @@ -0,0 +1,6 @@ +--- +"tauri": "patch:sec" +"tauri-utils": "patch:sec" +--- + +Explicitly check that the main frame's origin is the sender of Isolation Payloads diff --git a/core/tauri-utils/src/pattern/isolation.js b/core/tauri-utils/src/pattern/isolation.js index 880ceb212..d929308e0 100644 --- a/core/tauri-utils/src/pattern/isolation.js +++ b/core/tauri-utils/src/pattern/isolation.js @@ -17,6 +17,11 @@ window.parent.postMessage(message, '*') } + /** + * @type {string} - The main frame origin. + */ + const origin = __TEMPLATE_origin__ + /** * @type {Uint8Array} - Injected by Tauri during runtime */ @@ -42,14 +47,14 @@ algorithm.name = 'AES-GCM' algorithm.iv = window.crypto.getRandomValues(new Uint8Array(12)) - const { contentType, data } = __RAW_process_ipc_message_fn__(payload) + const {contentType, data} = __RAW_process_ipc_message_fn__(payload) const message = typeof data === 'string' ? new TextEncoder().encode(data) : ArrayBuffer.isView(data) || data instanceof ArrayBuffer - ? data - : new Uint8Array(data) + ? data + : new Uint8Array(data) return window.crypto.subtle .encrypt(algorithm, aesGcmKey, message) @@ -101,7 +106,7 @@ * @param {MessageEvent} event */ async function payloadHandler(event) { - if (!isIsolationPayload(event.data)) { + if (event.origin !== origin || !isIsolationPayload(event.data)) { return } diff --git a/core/tauri-utils/src/pattern/isolation.rs b/core/tauri-utils/src/pattern/isolation.rs index 11351005b..64fa8beba 100644 --- a/core/tauri-utils/src/pattern/isolation.rs +++ b/core/tauri-utils/src/pattern/isolation.rs @@ -156,6 +156,8 @@ pub struct IsolationJavascriptCodegen { pub struct IsolationJavascriptRuntime<'a> { /// The key used on the Rust backend and the Isolation Javascript pub runtime_aes_gcm_key: &'a [u8; 32], + /// The origin the isolation application is expecting messages from. + pub origin: String, /// The function that processes the IPC message. #[raw] pub process_ipc_message_fn: &'a str, diff --git a/core/tauri/src/manager/webview.rs b/core/tauri/src/manager/webview.rs index 7bf8c351e..c19aedaed 100644 --- a/core/tauri/src/manager/webview.rs +++ b/core/tauri/src/manager/webview.rs @@ -336,6 +336,7 @@ impl WebviewManager { schema, assets.clone(), *crypto_keys.aes_gcm().raw(), + window_origin, ); pending.register_uri_scheme_protocol(schema, move |request, responder| { protocol(request, UriSchemeResponder(responder)) diff --git a/core/tauri/src/protocol/isolation.rs b/core/tauri/src/protocol/isolation.rs index 62206a87e..e31a4a6e2 100644 --- a/core/tauri/src/protocol/isolation.rs +++ b/core/tauri/src/protocol/isolation.rs @@ -20,6 +20,7 @@ pub fn get( schema: &str, assets: Arc, aes_gcm_key: [u8; 32], + window_origin: String, ) -> UriSchemeProtocolHandler { let frame_src = if cfg!(any(windows, target_os = "android")) { format!("http://{schema}.localhost") @@ -45,6 +46,7 @@ pub fn get( let template = tauri_utils::pattern::isolation::IsolationJavascriptRuntime { runtime_aes_gcm_key: &aes_gcm_key, + origin: window_origin.clone(), process_ipc_message_fn: PROCESS_IPC_MESSAGE_FN, }; match template.render(asset.as_ref(), &Default::default()) {